CVE-2015-0650

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 Cisco IOS XE versions 3.9.xS through 3.10.3S Cisco IOS XE versions 3.11.xS through 3.11.2S Cisco IOS XE versions 3.12.xS through 3.12.1S Cisco IOS XE versions 3.13.xS through 3.13.0S

Description The vulnerability is due to improper validation of mDNS packets, allowing an unauthenticated, remote attacker to reload the vulnerable device by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. This could allow the attacker to cause a denial of service (DoS) condition.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4, update to a fixed version. For Cisco IOS XE versions 3.9.xS through 3.10.3S, update to version 3.10.4S or later. For Cisco IOS XE versions 3.11.xS through 3.11.2S, update to version 3.11.3S or later. For Cisco IOS XE versions 3.12.xS through 3.12.1S, update to version 3.12.2S or later. For Cisco IOS XE versions 3.13.xS through 3.13.0S, update to version 3.13.1S or later.